ImageVerifierCode 换一换
格式:PDF , 页数:30 ,大小:126.42KB ,
资源ID:738507      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-738507.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ETSI TS 101 888-2003 Telecommunications and Internet Protocol Harmonization Over Networks (TIPHON) Release 4 Test Scenarios Security testing - H 323 environment《网络上电信和互联网协议的协调(TIPH_1.pdf)为本站会员(花仙子)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ETSI TS 101 888-2003 Telecommunications and Internet Protocol Harmonization Over Networks (TIPHON) Release 4 Test Scenarios Security testing - H 323 environment《网络上电信和互联网协议的协调(TIPH_1.pdf

1、 ETSI TS 101 888 V4.2.1 (2003-12)Technical Specification Telecommunications and Internet Protocol Harmonization Over Networks (TIPHON) Release 4;Test Scenarios;Security testing - H.323 environmentETSI ETSI TS 101 888 V4.2.1 (2003-12) 2 Reference RTS/TIPHON-06014R42 Keywords H.323, IP, protocol, tele

2、phony, testing, security, VoIP ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copie

3、s of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (P

4、DF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status

5、 of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, send your comment to: editoretsi.org Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing r

6、estriction extend to reproduction in all media. European Telecommunications Standards Institute 2003. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMand the TIPHON logo are Trade Marks currently being registered by ETSI

7、for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TS 101 888 V4.2.1 (2003-12) 3 Contents Intellectual Property Rights4 Foreword.4 1 Scope 5 2 References 5 3 Definitions and abbreviations.6 3.1 D

8、efinitions6 3.2 Abbreviations .6 4 Security test strategy 6 5 H.235 Annex D 7 5.1 Overview 7 5.2 Received message.10 5.3 Separate steps .11 5.4 RRQ message with H.235 V2 13 5.5 Following RFC with sendersID14 5.6 Test configurations.15 5.6.1 Gatekeeper and terminal .15 5.6.2 Gatekeeper and gateway .1

9、5 5.6.3 Gatekeeper and Gatekeeper 15 6 H.235, annex F .15 6.1 Overview 15 6.2 RRQ with DH Set received by the Gatekeeper with signed token .17 6.3 RCF with DH Set of GK received by the client with signed token 20 6.4 ARQ now with baseline security received by the Gatekeeper with CryptoHashedToken22

10、6.5 ACF received by the Client with cryptohashed token 24 6.6 Private key of Gatekeeper 26 6.7 Certificate of Gatekeeper27 6.8 Private key of endpoint.27 6.9 Certificate of endpoint28 6.10 Test Configurations 28 6.10.1 Gatekeeper and Terminal28 6.10.2 Gatekeeper and Gateway 28 6.10.3 Gatekeeper and

11、Gatekeeper 29 7 Global Service Providers29 History 30 ETSI ETSI TS 101 888 V4.2.1 (2003-12) 4 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available

12、 for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (h

13、ttp:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or

14、may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Project Telecommunications and Internet Protocol Harmonization Over Networks (TIPHON). ETSI ETSI TS 101 888 V4.2.1 (2003-12) 5 1 Scope The scope of the present document is to define th

15、e security test specifications for TIPHON Release 4 for the H.323 5 environment. The security methods considered in the present document are related only to IP based networks. The signalling path and the media path in the SCN is considered to be secure (“Trust by wire“). This security test specifica

16、tion does not explain recommendation H.235 2 and the annexes, nor does it explain how to implement the security procedures. For further information on H.235, please refer to 2 or 4. Rather, the present document provides a step-wise implementation approach showing example security message processing

17、along with the generated output. 2 References The following documents contain provisions which, through reference in this text, constitute provisions of the present document. References are either specific (identified by date of publication and/or edition number or version number) or non-specific. F

18、or a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. 1 ITU-T Recommendation H.225.0: “Call si

19、gnalling protocols and media stream packetization for packet based multimedia communication systems“. 2 ITU-T Recommendation H.235: “Security and Encryption for H.series (H.323 and other H.245 based) multimedia terminals “. 3 ITU-T Recommendation H.235 Annex F: “Hybrid Security Profile“. 4 ITU-T Rec

20、ommendation H.245: “Control protocol for multimedia communication“. 5 ITU-T Recommendation H.323: “Packet based multimedia communications systems“. 6 ETSI TS 101 883: “Telecommunications and Internet Protocol Harmonization Over Networks (TIPHON) Release 4; Interface Protocol Requirements Definition;

21、 Implementation of TIPHON architecture using H.323“. ETSI ETSI TS 101 888 V4.2.1 (2003-12) 6 3 Definitions and abbreviations 3.1 Definitions For the purpose of the present document, the definitions given in the IUT-T Recommendations H.225.0 1, H.235 2, H.245 4 and H.323 5. 3.2 Abbreviations For the

22、purposes of the present document, the following abbreviations apply: A Audio ARQ Admissions ReQuest ACF Admissions ConFirmARJ Admissions Reject A/V Audio/Video D Data DRQ Disengage Request DCF Disengage Confirm IP Internet ProtocolLRQ Location Request LCF Location Confirm QoS Quality of Service SCN

23、Switched Circuit Networks 4 Security test strategy Security testing should be performed after a vendor has completed product and system testing with the ETSI testing standards. The basic idea for security testing is to show the generation and insertion of the security bits into the specific paramete

24、rs of the H.323 5 messages. Because this mechanism is exactly the same on the senders and the receivers side, no distinction is necessary. To test entities for their implementation of security two entities (that are already interworking) need to be connected. In the case of an incorrect security inf

25、ormation it is necessary to go into the detail of the generation of the security bits. In order to be able to determine the reason for this failure the security tests strategy is just to look at the different steps of the generation and insertion of the security bits into the protocol elements. This

26、 is the only way to determine the failure. The Security testing shall be performed for the following configurations: Signalling path: - Gatekeeper and Terminal; - Gatekeeper and Gateway; - Gatekeeper and Gatekeeper. Media path: - Terminal and Terminal; - Terminal and Gateway; - Gateway and Gateway.

27、ETSI ETSI TS 101 888 V4.2.1 (2003-12) 7 Global Service Providers: - BES and TRC; - BES and CH; - BES and CA. The security testing shall be performed in three different parts where the first part deals with the security testing for the signalling path (Terminal, Gatekeeper, Gateway) using annex D of

28、H.235 2. The second part deals with the security aspects for the signalling path equivalent to the first but using annex F of H.235 2 and the media path using H.235. The third part handles the security testing from the BES to the global service providers. 5 H.235 Annex D 5.1 Overview Figure 1 shows

29、the basic steps to be taken at the originating entity and illustrates the procedures specified by Annex D of H.235 2, in particular clauses D.6.3.2 and D.6.3.3. ETSI ETSI TS 101 888 V4.2.1 (2003-12) 8 H.225.0 message CryptoH323Token nestedCryptoToken CryptoHashedToken token Timestamp random algOID g

30、eneral ID OIDs cryptoHashedToken hash value params sendersID DH Default pattern HASHED ASN.1 Encode message H.225.0 message CryptoH323Token 000.0000 Compute hash HMAC SHA1 password Compute SHA1 hash H.225.0 message CryptoH323Token 1 2 3 4 5 6 7 8 9 Figure 1: Stepwise approach for sender Figure 2 sho

31、ws the basic steps to be taken at the receiving side starting with the entire message, decoding, breaking it into pieces and extracting the necessary parts and the final computation/verification step. NOTE 1: The figures just visualize the essential steps as an example and correlate with the print o

32、ut in clause 5.3; in any case, the procedures and description of annex D of H.235 2 take precedence. NOTE 2: The print out in clause 5.4 reflect H.235 V2 with the sendersID used. NOTE 3: The figures and print out reflect a scenario endpoint to gatekeeper; other scenarios and examples are not shown.

33、ETSI ETSI TS 101 888 V4.2.1 (2003-12) 9 NOTE 4: The default pattern is a local value that is being used temporarily when computing the hash value, see clause D.6.3.3.2 of H.235 2. H.225.0 message CryptoH323Token nestedCryptoToken CryptoHashedToken token Timestamp random algOID general ID OIDs crypto

34、HashedToken hash value params sendersID DH RV HASHED Compute hash HMAC SHA1 password Compute SHA1 hash 1 3 10 11b 12 ASN.1 Decode message H.225.0 message CryptoH323Token 2 4 5 6 7 8 11 H.225.0 message CryptoH323Token 000.000 11a 9 Compare/Verify hash values RV 12 Figure 2: Stepwise approach for rece

35、iver ETSI ETSI TS 101 888 V4.2.1 (2003-12) 105.2 Received message The examples shown in clauses 5.2 and 5.3 use the RRQ sent by a Terminal and received at the Gatekeeper. The print out in clauses 5.2 and 5.3 reflects H.235V1, i.e. sendersID is not used. The received RRQ message is given in binary an

36、d with all fields shown. The received binary message part is given and the separate steps shown for the verification. Password = fries SHA1 = 91 27 1C 95 F0 A3 A0 6F 0D 79 75 B1 19 5F A1 28 8A 86 B6 D4 A received RRQ message with embedded Cryptotoken: * * RECEIVE RRQ FROM EP AT GK * * 14:34:12 TPKTC

37、HAN: Address: 14:34:12 TPKTCHAN: 0 TransportAddress = (0) . CHOICE . 14:34:12 TPKTCHAN: 1 . ipAddress = (0) . SEQUENCE 14:34:12 TPKTCHAN: 2 . . ip = (4) .j =0x8b17ca6a . OCTET STRING (44) 14:34:12 TPKTCHAN: 2 . . port = (1720) . INTEGER (065535) 14:34:21 UDPCHAN: New message (channel 0) recv Transpo

38、rtAddress = (0) . CHOICE . 14:34:21 UDPCHAN: 1 . ipAddress = (0) . SEQUENCE 14:34:21 UDPCHAN: 2 . . ip = (4) .j =0x8b17ca6a . OCTET STRING (44) 14:34:21 UDPCHAN: 2 . . port = (1151) . INTEGER (065535) 14:34:21 UDPCHAN: Binary: 14:34:21 UDPCHAN: 00000 0f 80 3a 27 06 00 08 91 4a 00 02 00 08 2b 0c 02 |

39、.:.“J+| 14:34:21 UDPCHAN: 00016 88 53 02 06 01 80 84 01 40 00 08 00 00 00 00 00 |S.| 14:34:21 UDPCHAN: 00032 00 21 72 00 5b 6f 20 00 52 00 07 00 00 fb 38 00 |.!r.o .R8.| 14:34:21 UDPCHAN: 00048 12 fa 68 00 12 c5 19 00 50 6f 20 00 52 00 07 00 |.hPo .R.| 14:34:21 UDPCHAN: 00064 00 fb 38 00 12 fa 68 00

40、 12 00 00 00 00 00 00 00 |.8h.| 14:34:21 UDPCHAN: 00080 00 6c c0 00 50 fb 38 00 12 fa 94 00 12 fa 9c 00 |.l.P8“.| 14:34:21 UDPCHAN: 00096 12 01 ec 00 00 02 36 00 00 00 0e 00 00 02 36 00 |.6.6.| 14:34:21 UDPCHAN: 00112 00 60 76 3d 18 20 ec f3 2e 00 00 00 00 9d b5 72 |.v=. .r| 14:34:21 UDPCHAN: 00128

41、5a 00 50 00 c2 01 ee 00 00 00 00 00 00 ff ff ff |Z.P.| 14:34:21 UDPCHAN: 00144 ff 20 31 20 33 32 31 32 20 1e 00 00 01 00 8b 17 | 1 3212 .| 14:34:21 UDPCHAN: 00160 ca 6a 04 80 01 00 8b 17 ca 6a 04 7f 22 c0 0b 0b |j.j.“| 14:34:21 UDPCHAN: 00176 00 0b 0f 54 65 73 74 20 61 70 70 6c 69 63 61 74 |.Test ap

42、plicat| 14:34:21 UDPCHAN: 00192 69 6f 6e 08 52 41 44 56 69 73 69 6f 6e 00 02 08 |ion.RADVision.| 14:34:21 UDPCHAN: 00208 00 46 c3 56 53 54 39 34 48 54 04 00 35 00 33 00 |.FVST94HT5.3.| 14:34:21 UDPCHAN: 00224 34 00 30 00 33 60 0b 0b 00 0b 0f 54 65 73 74 20 |4.0.3.Test | 14:34:21 UDPCHAN: 00240 61 70

43、 70 6c 69 63 61 74 69 6f 6e 08 52 41 44 56 |application.RADV| 14:34:21 UDPCHAN: 00256 69 73 69 6f 6e 12 2b 80 56 01 74 07 00 08 81 6b |ision.+V.t.k| 14:34:21 UDPCHAN: 00272 00 01 01 45 00 07 00 08 81 6b 00 01 05 c0 3a 22 |.Ek.:“| 14:34:21 UDPCHAN: 00288 62 db 01 29 22 00 53 00 69 00 65 00 6d 00 65 0

44、0 |b.)“.S.i.e.m.e.| 14:34:21 UDPCHAN: 00304 6e 00 73 00 20 00 47 00 61 00 74 00 65 00 6b 00 |n.s. .G.a.t.e.k.| 14:34:21 UDPCHAN: 00320 65 00 65 00 70 00 65 00 72 07 00 08 81 6b 00 01 |e.e.p.e.r.k| 14:34:21 UDPCHAN: 00336 06 00 60 07 89 a6 ee 75 bb 59 c1 a6 ca a4 72 01 |.uYr.| 14:34:21 UDPCHAN: 00352

45、 00 01 00 01 00 01 00 |.| 14:34:21 UDPCHAN: Message: 14:34:21 UDPCHAN: 0 RasMessage = (6502) . CHOICE . 14:34:21 UDPCHAN: 1 . registrationRequest = (4294967185) . SEQUENCE . 14:34:21 UDPCHAN: 2 . . requestSeqNum = (14888) . INTEGER (165535) 14:34:21 UDPCHAN: 2 . . protocolIdentifier = (6) itu-t reco

46、mmendation h 2250 0 2 . OBJECT IDENTIFIER 14:34:21 UDPCHAN: 2 . . nonStandardData = (4294967185) . SEQUENCE 14:34:21 UDPCHAN: 3 . . . nonStandardIdentifier = (10964) . CHOICE . 14:34:21 UDPCHAN: 4 . . . . object = (8) iso identified-organization 12 2 1107 2 6 1 . OBJECT IDENTIFIER 14:34:21 UDPCHAN:

47、3 . . . data = (132) .!r.o .R.8.h.Po .R.8.hlP.8.6.6v=. .rZ.P 1 321 =0x014000080000000000002172005b6f2000. OCTET STRING 14:34:21 UDPCHAN: 2 . . discoveryComplete = (0) . BOOLEAN 14:34:21 UDPCHAN: 2 . . callSignalAddress = (1) . SEQUENCE OF 14:34:21 UDPCHAN: 3 . . . * = (6669) . CHOICE . 14:34:21 UDPC

48、HAN: 4 . . . . ipAddress = (4294967185) . SEQUENCE 14:34:21 UDPCHAN: 5 . . . . . ip = (4) .j =0x8b17ca6a . OCTET STRING (44) 14:34:21 UDPCHAN: 5 . . . . . port = (1152) . INTEGER (065535) 14:34:21 UDPCHAN: 2 . . rasAddress = (1) . SEQUENCE OF 14:34:21 UDPCHAN: 3 . . . * = (6669) . CHOICE . 14:34:21 UDPCHAN: 4 . . . . ipAddress = (4294967185) . SEQUENCE 14:34:21 UDPCHAN: 5 . . . . . ip = (4) .j =0x8b17ca6a . OCTET ETSI ETSI TS 101 888 V4.2.1 (2003-12) 11STRING (44) 14:34:21 UDPCHAN: 5 . . . . . port = (1151) . INTEGER (065535) 14:34:21 UDPCHAN: 2 . . terminalType = (4294967

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1